Abstract: Disclosed are devices, apparatuses, systems, computer readable media, and methods for improving the security of circuitry designs using HDL code. In one aspect a method is disclosed. the method includes receiving a hardware design language (HDL) representation of a circuit; inserting flow tracking into the HDL representation, wherein the flow tracking adds one or more security labels that are tracked throughout the circuit; and generating an enhanced HDL representation of the circuit, wherein the enhanced HDL representation comprises the HDL representation and the flow tracking, wherein the enhanced representation including the one or more security labels that are tracked throughout the circuit enables a security determination a model for tracking timing-based information flows through HDL code is disclosed. The disclosed technology is used to verify security properties on a variety of equipment including crypto cores, bus architectures, caches and arithmetic modules.

Abstract: The present disclosure includes systems and methods relating to information flow tracking and detection of unintentional design flaws of digital devices and microprocessor systems. In general, in one implementation, a technique includes: receiving a hardware design specifying an implementation for information flow in a hardware configuration; receiving one or more labels annotating the hardware design; receiving one or more security properties specifying a restriction relating to the one or more labels for implementing an information flow model; generating the information flow model; performing verification using the information flow model, wherein verification comprises verifying whether the information flow model passes or fails against the one of more security properties; and upon verifying that the information flow model passes, determining that an unintentional design flaw is not identified in the hardware design.

Abstract: Disclosed are devices, apparatuses, systems, computer readable media, and methods for improving the security of circuitry designs using HDL code. In one aspect a method is disclosed. the method includes receiving a hardware design language (HDL) representation of a circuit; inserting flow tracking into the HDL representation, wherein the flow tracking adds one or more security labels that are tracked throughout the circuit; and generating an enhanced HDL representation of the circuit, wherein the enhanced HDL representation comprises the HDL representation and the flow tracking, wherein the enhanced representation including the one or more security labels that are tracked throughout the circuit enables a security determination a model for tracking timing-based information flows through HDL code is disclosed. The disclosed technology is used to verify security properties on a variety of equipment including crypto cores, bus architectures, caches and arithmetic modules.

Abstract: The present disclosure includes systems and techniques relating to information flow and hardware security for digital devices and microprocessor systems. In general, in one implementation, a technique includes: receiving a hardware design specifying an implementation for information flow in a hardware configuration; receiving one or more labels annotating the hardware design; receiving a security property specifying a restriction relating to the one or more labels for implementing a secure information flow in the hardware configuration; designating each of the one or more labels to a corresponding security level in accordance with the specified restriction; and automatically assigning a respective value to each of the one or more labels in the hardware design, wherein each respective value is determined in accordance with the corresponding security level designated for each of the one or more labels.

Abstract: A preferred method for providing multi-level security to a gate level information flow receives or specifies a security lattice having more than two security levels. The security lattice defines how security levels relate to each other. A hardware design implementing information flows including flows having security levels specified by the security lattice is received. Logic is created for testing the hardware design in view of the security lattice. A logic function is created based upon the hardware design and the logic for testing to implement the security lattice. Another method receives a hardware design in a hardware description language. At least a portion of the hardware design is synthesized to gate level primitives. Functional component tracking logic supporting more than two-security levels is built from the gate level primitives. Functional components in the hardware design are simulated with the functional component tracking logic.

Abstract: The present disclosure includes systems and methods relating to information flow tracking and detection of unintentional design flaws of digital devices and microprocessor systems. In general, in one implementation, a technique includes: receiving a hardware design specifying an implementation for information flow in a hardware configuration; receiving one or more labels annotating the hardware design; receiving one or more security properties specifying a restriction relating to the one or more labels for implementing an information flow model; generating the information flow model; performing verification using the information flow model, wherein verification comprises verifying whether the information flow model passes or fails against the one of more security properties; and upon verifying that the information flow model passes, determining that an unintentional design flaw is not identified in the hardware design.

Abstract: The present disclosure includes systems and techniques relating to information flow and hardware security for digital devices and microprocessor systems. In general, in one implementation, a technique includes: receiving a hardware design specifying an implementation for information flow in a hardware configuration; receiving one or more labels annotating the hardware design; receiving a security property specifying a restriction relating to the one or more labels for implementing a secure information flow in the hardware configuration; designating each of the one or more labels to a corresponding security level in accordance with the specified restriction; and automatically assigning a respective value to each of the one or more labels in the hardware design, wherein each respective value is determined in accordance with the corresponding security level designated for each of the one or more labels.

Abstract: A method for detecting a timing channel in a hardware design includes synthesizing the hardware design to gate level. Gate level information flow tracing is applied to the gate level of the hardware design via a simulation to search for tainted flows. If a tainted flow is found, a limited number of traces are selected. An input on the limited number of traces is simulated to determine whether the traces are value preserving with respect to taint inputs, and to determine that a timing flow exists if the traces are value preserving with respect to the taint inputs.

Abstract: A preferred method for providing multi-level security to a gate level information flow receives or specifies a security lattice having more than two security levels. The security lattice defines how security levels relate to each other. A hardware design implementing information flows including flows having security levels specified by the security lattice is received. Logic is created for testing the hardware design in view of the security lattice. A logic function is created based upon the hardware design and the logic for testing to implement the security lattice. Another method receives a hardware design in a hardware description language. At least a portion of the hardware design is synthesized to gate level primitives. Functional component tracking logic supporting more than two-security levels is built from the gate level primitives. Functional components in the hardware design are simulated with the functional component tracking logic.

Abstract: A method for detecting a timing channel in a hardware design includes synthesizing the hardware design to gate level. Gate level information flow tracing is applied to the gate level of the hardware design via a simulation to search for tainted flows. If a tainted flow is found, a limited number of traces are selected. An input on the limited number of traces is simulated to determine whether the traces are value preserving with respect to taint inputs, and to determine that a timing flow exists if the traces are value preserving with respect to the taint inputs.

Abstract: A method for reducing operations in a processing environment is provided that includes generating one or more binary representations. One or more of the binary representations are included in one or more linear equations that include one or more operations. The method also includes converting one or more of the linear equations to one or more polynomials and identifying one or more common subexpressions associated with the polynomials in order to reduce one or more of the operations. The identifying step is facilitated by an algorithm that iteratively selects divisors and then uses the divisors to eliminate common subexpressions among the linear equations. The method can also take into account the delay of expressions while performing the optimization. Further, it can optimize a polynomial to reduce the number of operations. Additionally, it can optimize the exponents of variables.

Abstract: A method for reducing operations in a processing environment is provided that includes generating one or more binary representations, one or more of the binary representations being included in one or more linear equations that include one or more operations. The method also includes converting one or more of the linear equations to one or more polynomials and then performing kernel extraction and optimization on one or more of the polynomials. One or more common subexpressions associated with the polynomials are identified in order to reduce one or more of the operations.